Help AWS Managed Microsoft AD logs

Collecting AWS Managed Microsoft AD logs using AWS Lambda

AWS Managed Microsoft AD makes it easy to extend the existing Active Directory to the AWS Cloud. With this, you can leverage your existing on-premises user credentials to access cloud resources.

Analyzing these security logs will help you keep track of your AD environment and troubleshoot easily. Site24x7 AppLogs uses AWS Lambda to collect AWS Managed Microsoft AD logs from CloudWatch and display the collected information in simple formats like human-readable text or graphs and charts for easy analysis. Learn more about log management with Site24x7.

Site24x7 is AWS-reviewed Lambda Service Ready Program Partner

AWS-reviewed Lambda Service Ready Program partner

Creating a log profile

To collect the AWS Managed Microsoft AD logs, you first need to create a log profile. Navigate to Admin > AppLogs > Log Profile > Add Log Profile, and enter the following:

  1. Profile Name: Enter a name for your log profile.
  2. Log Type: Choose Windows Event logs from the drop-down menu. If you haven't enabled AWS Managed Microsoft AD logs on your AWS account, please follow these instructions, and then return to this document.
  3. Log Source: Choose Amazon Lambda.
  4. Log Time Zone: Choose the desired time zone.
  5. Click Save.
  6. Configure AWS Lambda following the steps below.

AWS setup

1. Finding the log group

  • Log in to your AWS console and navigate to Services.
  • Go to CloudWatch.
  • Go to Logs > Log Groups and choose a suitable Log Group from the list.

    Finding the log group

2. Get the AWS Lambda code

Use this link to obtain the code required for AWS Lambda:
https://github.com/site24x7/applogs-aws-lambda/blob/master/cloudwatchlogs/cloudwatch-wineventlog-sender.py

3. Configure AWS Lambda

  • Choose Lambda from the Services drop-down list, and choose Create Function. Select Author from scratch, define a name for the function, and choose Python 3.7 as the Runtime.

Configuring AWS Lambda 

  • Permissions: You can choose an existing IAM role or create a new role with basic AWS Lambda permissions. You also have the option to create a new user role and extend permission to other services as well. Click Create Function.
  • Verify your function name and click Add trigger.
    Add trigger
  • Trigger Configuration:
    • Log group: Select the desired log group as mentioned above.
    • Filter name: Choose a name for your filter.
    • Check the box for Enable trigger, and click Add.

      Trigger configuration

In the window that opens, click on AWS Lambda-s3-Read as shown below:

AWS Lambda-s3-Read

logTypeConfig

You can perform a query language search with Windows Event logs as the log type. Click on Dashboard to view different widgets on the same.

Related log types

Was this document helpful?
Thanks for taking the time to share your feedback. We’ll use your feedback to improve our online help resources.

Help AWS Managed Microsoft AD logs